Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) – googleprojectzero.blogspot.com
It’s a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern mobile platforms include multiple processing units, all elaborately communicating with one another.

How Long Does It Take to Crack Your Password? – blog.elcomsoft.com
We hear the “how long will it take to break…” question all the time. The answer is always the same: “it depends”. In this article we’ll try to give a detailed explanation and a definite answer for as many possible combinations as possible.

Tools

USB Canary – github.com
USB Canary is a Linux tool that uses pyudev to monitor USB devices either around the clock, or just while it’s locked. It can be configured to send you an SMS via the Twilio API, or notify a Slack channel with it’s inbuilt Slack bot.

nRF24 Playset – github.com
The nRF24 Playset is a collection of software tools for wireless input devices like keyboards, mice, and presenters based on Nordic Semiconductor nRF24 transceivers, e.g. nRF24LE1 and nRF24LU1+.

Techniques

How I Hacked my Smart TV from My Bed via a Command Injection – www.netsparker.com
It was one of those lazy evenings, just watching TV after a long day. I was tired but kept on thinking about a vulnerability I found earlier on in a router someone gave me. Finding a flaw in such a device is always quite fun because you often see things that aren’t meant to be seen by the users, except the developers and maybe the company’s tech support team.

Hacking the Belkin E Series OmniView 2-Port KVM Switch – blog.talosintelligence.com
In this post, we demonstrate the possibility of modifying a standard KVM switch to include an Arduino based key logger. We show that this can be achieved using off-the-shelf tools and components by anyone with a minimum of electronic engineering and programming knowledge.

Vulnerabilities

Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle – alephsecurity.com
In this blog post we describe a new critical vulnerability CVE-2017-5622 in OnePlus 3/3T (OxygenOS 4.0.2 and below), which relaxes the attack prerequisites. Combining it with CVE-2017-5626 allows a malicious charger to own your device if it’s hooked-up while being powered off (the charger may also just wait until the battery is drained).

An Analysis of CVE-2017-5638 – blog.gdssecurity.com
At GDS, we’ve had a busy few weeks helping our clients manage the risk associated with CVE-2017-5638 (S2-045), a recently published Apache Struts server-side template injection vulnerability. As we began this work, I found myself curious about the conditions that lead to this vulnerability in the Struts library code.

Congress just killed online privacy rules. Now what? (FAQ) – www.cnet.com
As of Tuesday, both houses of Congress have voted to repeal regulations adopted last year by the Federal Communications Commission. The next step is a signature from President Donald Trump, who has already signaled he’s eager to get rid of the regulation.

The Purge is cancelled: Hackers unleash sirens of doom on Dallas – mashable.com
Beginning around 11:44 p.m., all 156 of the outdoor warning sirens meant to alert the residents of Dallas (population 1.3 million) of impending disaster bellowed across the city. There was no immediate explanation, and the sirens didn’t stop.

Sponsors

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.